The same pattern works fine for EPEL, but I switched back to using REPOTRACK for EPEL, because I rarely utilize more than a few hundred MB of the EPEL packages and finally got around to parsing out a list.

“rs32-reposync-update.sh” # for getting base, updates, and extras.

“rs64-reposync-update.sh” # for getting base, extras

And, a REPOTRACK script for getting selected packages from EPEL:

“rt64-c7x64-update.sh”

An easy way to begin using REPOTRACK is to query existing systems for what packages are installed from a given repo. To gather my EPEL package list, I ran these two commands on all of my application servers:

Parse the results however you want, and you’ve got the basis for your repotrack script. Repotrack doesn’t behave exactly like reposync, but it DOES get dependencies for packages, so it isn’t necessary to identify everything in advance. It also works with wildcards.
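One way to do that parsing, as an added example rather than the author's own commands: the function below reduces `yum list installed` output to the unique package names that came from one repo, re-joining entries that yum wraps across two lines. The sample output and the helper name pkgs_from_repo are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a repotrack package list from `yum list installed`.

# Constructed sample output (not from a real host). yum wraps an entry onto
# the next line when the package name overflows its column.
sample_yum_output() {
cat <<'EOF'
Loaded plugins: fastestmirror
Installed Packages
bash.x86_64                      4.2.46-35.el7_9            @updates
htop.x86_64                      2.2.0-3.el7                @epel
python2-certbot-dns-cloudflare.noarch
                                 1.11.0-1.el7               @epel
fail2ban-server.noarch           0.11.2-3.el7               @epel
epel-release.noarch              7-14                       @extras
htop.i686                        2.2.0-3.el7                @epel
EOF
}

# pkgs_from_repo REPOID (hypothetical helper): reads yum output on stdin and
# prints the sorted, unique names of packages whose source column is @REPOID.
pkgs_from_repo() {
  awk -v repo="@$1" '
    # Ignore everything up to and including the "Installed Packages" header.
    !seen { if (/^Installed Packages/) seen = 1; next }
    {
      # Collect fields until name, version and repo are all present, so a
      # wrapped entry is treated as one record.
      for (i = 1; i <= NF; i++) f[++n] = $i
      if (n >= 3) {
        # Exact match: "@epel" must not also select "@epel-testing".
        if (f[3] == repo) {
          name = f[1]
          sub(/\.[^.]+$/, "", name)    # drop the .arch suffix
          print name
        }
        n = 0
      }
    }
  ' | sort -u
}

# On a real host:  yum list installed | pkgs_from_repo epel > epel-pkgs.txt
sample_yum_output | pkgs_from_repo epel
```

Because repotrack resolves dependencies itself, the resulting names can be passed to it as arguments without listing anything they pull in.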

Synchronize the directories for the repositories.

The --newest-only option puts only the latest version of each package in the repos.

note: “repoid” must match a repo name in “/etc/yum.repos.d/*.repo”

Avahi is running, so I can use *.local name resolution and skip more complicated DNS and/or host file configurations.

open-vm-tools is running. I have a couple folders shared into the VM for getting scripts and outputting config backups.

SSHD is running. I do most of my activity via a host MacOS terminal ssh connection.

I use nano as editor on CentOS VMs. If you prefer vi, emacs, or something else… that’s ok with me.

The VM gets TIME from the host, via hypervisor/open-vm-tools, so it doesn’t need NTP or Chrony.

Virtual hardware items Printer, Sound, USB, Camera, and Bluetooth have been removed from the VM config.

The VM uses NVMe for hard disks and SATA for cdrom. No IDE or SCSI.

The reduced hardware profile enables removing a lot of firmware packages from these VMs.

It’s easy/fast to make a ZIP backup copy of an entire VM, so I’m moderately aggressive with removing things like dracut emergency/rescue packages, old kernels, yum caches, etc. If I break a VM, I just revert to a previous backup.

With VMs under 20GB in size, making ZIP backups via the host OS filesystem is often faster than managing VMware snapshots. Also, I like knowing that I have fully contained/atomic backups set to the side and quickly available if needed.

I have some custom scripts that clean up the VM contents and shrink the vdisk (to reduce disk usage on host system).

There are many options to further minimize and harden these VMs, but this current baseline maintains normal CentOS/Fedora/RHEL/Oracle functionality and compatibility.

Using a local RepoSync + RepoTrack enables installs/updates without internet for the target nodes, it speeds up the install/update time for all of the VMs, and it provides much better awareness/control over what packages are getting installed.

Using PXE/Kickstart automates a lot of the tedious/repetitive installation activities. Doing kickstarts from local repos eliminates the need for maintaining a collection of downloaded ISOs.

An instance installed from ISO immediately needs updates; but kickstart from local repos takes care of that during the initial install.

Additionally, kickstart can run “%post” activities to perform more setup/config work, even installing and fully configuring software applications.